Ah is this one of the fedi projects supported by French govt funding? They fund a lot of good shit.
ProletarianDictator
Not sure why, but I'd assume it's because the devs don't use docker in the development process, so it's less tested. Also might be WebTorrent having networking quirks, but idk. Docs also say something about not being able to handle changing hosts, which might be relevant, but that wording is ambiguous, so I'd normally think they mean "hostname"
This is good practice for something like a desktop machine.
Servers, especially explicitly communist peer-to-peer filesharing servers, require a degree of bulletproofing beyond this. Every chud or lib who can use the command line is gonna want to own your box, let alone more capable people or entities. All it takes is one CVE, and a PeerTube instance, nftables, and openssh is a lot of exposed surface area.
Idk, maybe I'm more paranoid than most, but I'd at least look into containerizing this setup. There's a lot of hardening that can be done, but containers probably give you the most bang-for-buck effort-wise.
Firewalling always seems so finicky. I'd say binding SSH to the wireguard interface is a better bet. I don't let anything route outside wireguard unless I'm explicitly hosting it for the public.
Highly, highly recommend containerizing your setup.
Keeps your runtime environment nice and consistent:
- Execution environment defined entirely in the container image
- Networking confined to only the container interface
- Data persists on only the very specific paths you mount into the container
No need to fuck with root privileges because it's all stateless. Just SSH as a user in the docker group to talk to the docker socket, and bind that to your wireguard interface. And if shit gets owned, you can nuke everything since it all comes from images and just restore a backup.
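An added example, not part of the comment above or of any project named in this thread: a Python check that an `sshd_config` binds SSH only to WireGuard addresses, as suggested in the comments above. The subnets `10.8.0.0/24` and `fd00:8::/64` and the sample configs are constructed assumptions.

```python
import ipaddress

# Constructed sample configs and subnets (assumptions, not from the thread).
EXPOSED = "Port 22\n#ListenAddress 10.8.0.1\nPasswordAuthentication no\n"
BOUND = "Port 22\nListenAddress 10.8.0.1\nListenAddress [fd00:8::1]:2222\n"
MIXED = "ListenAddress 10.8.0.1:22\nListenAddress 0.0.0.0\nListenAddress example.org:22\n"
WG_SUBNETS = ["10.8.0.0/24", "fd00:8::/64"]


def _host(arg):
    """Strip the optional port from a ListenAddress argument."""
    if arg.startswith("["):            # [host]:port form
        return arg[1:arg.index("]")]
    if arg.count(":") == 1:            # IPv4:port or hostname:port
        return arg.rsplit(":", 1)[0]
    return arg                         # bare IPv4, bare IPv6 or hostname


def audit_listen_addresses(config_text, wg_subnets):
    """Return findings for every listener not provably inside wg_subnets."""
    nets = [ipaddress.ip_network(n) for n in wg_subnets]
    findings, seen = [], False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        parts = line.replace("=", " ", 1).split()  # "Key=value" is allowed
        if len(parts) < 2 or parts[0].lower() != "listenaddress":
            continue
        seen = True
        host = _host(parts[1])
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # A hostname may resolve to anything at startup; flag for review.
            findings.append(f"{host}: hostname, cannot verify")
            continue
        if not any(addr in net for net in nets):
            findings.append(f"{host}: outside WireGuard subnets")
    if not seen:
        # With no ListenAddress, sshd listens on all local addresses.
        findings.append("no ListenAddress: sshd listens on all addresses")
    return findings


if __name__ == "__main__":
    for name, cfg in [("EXPOSED", EXPOSED), ("BOUND", BOUND), ("MIXED", MIXED)]:
        print(name, audit_listen_addresses(cfg, WG_SUBNETS) or "ok")
```
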
That's not reassuring 😅
Also, a kind, certified security expert contacted me by email and offered me a FREE assessment of my private keys and he said they meet "top standards"!
Please tell me this is a joke and you didn't send some rando your private keys.
You don't need to use Whisper, I got some names mixed up. I was thinking of wyoming-faster-whisper which uses the FOSS speech to text system faster-whisper, but there are others that can be used.
Edited my original comment to fix that.
Wyoming is a protocol for voice assistants.
It ties together:
- speech recognition services (faster-whisper, vosk, whisper.cpp, OpenAI's Whisper API)
- text to speech services (piper)
- wake word detection services (openWakeWord, snowboy, porcupine1)
- intent handling services
- intent recognition services
Home Assistant can interact with that protocol. I think the addons run servers for various components used by the wyoming protocol server that the integration can use, but I run it separate from Home Assistant, so idk.
Not sure what futo is capable of, but you can use anything that can communicate with a wyoming server. I'm willing to wager you can, but idk.
OpenAI's ChatGPT API and LLM models are orthogonal to this, but probably could be used as an intent or as the fallback when no other intent was recognized. So I'm pretty sure you could link up getting a response from OpenAI or any other LLM API, but I haven't tried setting that up for myself yet. wyoming-handle-external lets you pipe the input text to the stdin of whatever program you give it and responds with the program's stdout, so you could definitely use this to pass it to OpenAI or Ollama.
Understandable! I'm learning Rust, so hopefully I can start contributing to the Lemmy server soon.
Framasoft is a non-profit according to their site. Don't know where I saw govt funding, but I think the French govt gives them an allotment.
They seem alright: